Google warns of Android flaw used to gain root access to devices

An application that allows users to gain full control -- root access -- over their Android devices is taking advantage of a security flaw in the Linux kernel that has remained unpatched in Android since its discovery two years ago.

The bug was originally fixed in the Linux kernel in April 2014, but wasn't flagged as a vulnerability until February 2015, when its security implications were understood and it received the CVE-2015-1805 identifier. Even then, the fix did not get ported to Android, which is based on the Linux kernel.

It wasn't until Feb. 19 that researchers from a security outfit called C0RE Team notified Google that the vulnerability could be exploited on Android in order to achieve privilege escalation -- the execution of code with the privileges of the root account.